[WW-5353] Implement stronger security defaults in Struts 7.0 - ASF JIRA

Attach files

Attach Screenshot

Add vote

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: 7.0.0
Component/s: None
Labels:
None

Description

struts.ognl.allowStaticFieldAccess=false

struts.ognl.excludedNodeTypes=<TBA>

struts.ognl.expressionMaxLength=150

struts.disallowDefaultPackageAccess=true

struts.disallowProxyMemberAccess=true

struts.parameters.requireAnnotations=true

struts.ognl.disallowCustomOgnlMap=true

struts.allowlist.enable=true

Attachments

Issue Links

Add Link

links to

GitHub Pull Request #919

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Unassigned

Reporter:: Kusal Kithul-Godage

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 12/Oct/23 11:10

Updated:: 24/Apr/24 15:34

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

Agile

View on Board

Implement stronger security defaults in Struts 7.0

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Time Tracking

Agile

Slack

Issue deployment